tv Key Capitol Hill Hearings CSPAN January 16, 2015 10:00am-12:01pm EST
the delegation traveling this weekend including patrick leahy and from the house, chris van hollen, read more at theblaze.com. british prime minister david cameron is in the white house today meeting with the president. the two leaders will have a joint press conference scheduled for 12:20 pm. with the senate, live coverage over on c_span 3. at noon, a group of foreign policy and military strategist
chief took part in the discussion yesterday on the strategic implications on the north korea cyberattack on sony pictures. this is 90 minutes. >> good afternoon, everybody. thank you for coming this afternoon to our event on the sony cyberattack and strategic implications. about four years ago, i had the pleasure to work with general hayden and some others to put on cyber shockwave __ the idea was to simulate a cyberattack as the national security council and see how the united states would react, and see if we had the policies in place to
__ if not prevent __ react in a reasonable way to cyberattack. one particular change that stuck in my mind was we had someone playing attorney general and said, mr. president, we do not have the authorities that you have requested us to do. stewart baker, who has a great book, he started pounding on the table and said, it's eternal general does not have the authority, you should go and find the authority. four years later, i'm not sure if we found authorities to deal with the sony cyberattack, or myriad of others that happen every year. somebody has finally changed in the conversation we had been having.
just as last week, the president has been pushing for new proposals around cyberattacks. we'll finally see some changes in policy when comes to cyber security. when trying to move the needle on cyber security, we put a show on cyberattack, but it took a cyberattack on a show for things to start changing. to look at some of the controversy around the way the u. s. has reacted __ whether it is attribution or severity, what the role of the u. s. government retaliating is. we have an excellent panel today. if you follow national security in washington, you surely read and learn from our guest articles. she is the lead national security journalist at the "washington post."
let me turn it over to alan. >> thank you very much. thank you to the bipartisan policy center for putting on this panel. the panelists do not need much in the way of introduction. i will keep it brief. to my left is chairman mike rogers spent 14 years and the house representing his michigan district. he is a former fbi special agent, turned a radio talkshow host. his own sort of commentary called, "something to think about with mike rogers." next to him is general mike hayden __ retired air force
general, former cia director, former nsa director, a history major, and a pittsburgh steelers fan. now, principal at the churchill institute. he is also writing a book about his career. then, we have doctor paul stockton __ former secretary of defense, guided the defense critical protection program. i wanted to open my saying, we at the "washington post" also have a cyber security summit every year. for a couple of years, we created our own wargame, and
came up with fictitious oil and gas companies, banking firms, they were hacked by fictitious asian and middle eastern companies that sent viruses and created chaos in the economy, but never did across her mind to have north korea target a hollywood movie studio for a film about a cia plot to assassinate kim jong_un. the koreans wanted brad pitt to play kim __ >> i thought it was funny. >> thank you. seriously, we have had countless intrusions into the u. s. critical infrastructure and companies dealing with intellectual property.
you have heard rogers and others say this is the biggest transfer of wealth in history. we've seen penetrations and the white house and pentagon. as it was pointed out, it took the hack on sony for the u. s. government to react and give a firm response __ unprecedented, really. we actually named publicly north korea, and vowed to punish the country. we will go over this attack and the implications. the strategy and cyber security. i will briefly recap what happened. sony discovered the attack on november 24, just before thanksgiving. a virus wipes thousands of hard drives and put sony computers out of commission for weeks. about one week after that, the hackers __ guardians of peace
__ began posting embarrassing emails online making big headlines about studio executives making racially charged remarks. about mid_december, the hackers ratcheted up. they put a threatening message online. threatening violence against theaters that had showed the film. they alluded to 9/11. at that point, theaters got nervous and wanting to show the film. sony said if they will not show the film, we have to cancel the release for christmas day. that created a huge controversy. the next day, president obamacare __ obama convened a meeting. the next day, they publicly
named north korea, saying it was behind it, and we will take a proportional response. that is the scenario. i want to turn to you chairman rogers. the government has said that this was a destructive and course of attack. how do you assess the tag? do you think the president made the right call in naming north korea? >> i decide to take four days with my wife before i left office. i spent three of them on the phone talking about this issue. no one is more angry at north korea than i am, and my wife. we had seen cyberattacks before, clearly.
we have never seen a nationstate use its capabilities __ albeit somewhat limited __ in a way that actually destroy data. they went into a company, and not only did they play the fun and games part, certainly embarrassing. it also destroy data. it stole intellectual property. it destroyed enough data to make it difficult for stories operate. there was a period in which it was very concerning if they would be able to function as a business. it was more than a little destructive. that is a very different game for us. we have seen othe ca __ other countries do it. we saw. do it to saudi arabia.
this is a whole new day in cyberspace for host of reasons. now the united states will have to show that it will not tolerate it. everyone is watching. iran is watching. russia's watching. china is watching. these are the steps now that we have to work our way through as a country. naming them was a good thing. i thought was important thing to do. there are other things that we will need to do. and it needs to be smartly, if we're talking about six months from now. >> the attack was destructive of data and computers, yet sony is not critical infrastructure company. it is a hollywood movie studio. it is not fall into any of the categories of critical infrastructure __ oil, gas, banking.
the president did not call this an act of war __ an act of cyber vandalism. general hayden, how would you have assessed the attack? >> some of the things that determine already said. first of all, this was on an arc that was predictable. i do not think that any of us were surprised that this was going to happen. it is on a continuum __ a very predictable continuum. this is a nationstate attacking american business __ not for profit but to course. that is a big deal. it is a relatively new deal. the second point is, i'm quite comfortable with the government assessment.
i probably would've tried to strike that point proportional. i think we should give them comfort in saying that our response would be proportional. proportional gave them too much relief. north korea did it. it was a new marker of a nationstate doing something to course. >> was this different than the attack by iran? >> yeah. our government is kind of feckless in its response. we will get around to our usual effort here __ to be of the victim. we'll get to that directly.
sony will have to answer a whole lot of questions. >> so you were surprised? >> i am pleased, maybe modestly surprised. i would have struck proportional. i would pick a fight where we want it. this sense implications beyond cyber stuff. this is a pathological little gangster state that wants to hold at risk different things of value to different people in the world. we have allowed them to reach __ to take the game into a different domain. just for a moment, not particularly cyber related, north korea foreign_policy has been like the instructions on your shampoo bottle __ provoke,
accept concessions, repeat. it has not been on a stable line. they have taught us to tolerate evermore provocative actions. i would really fight to get the word proportional out of the talking points. >> doctor stockton, how would you weigh in on this? >> i agree with what you say about this being a game changer. it is a game changer in another way as well. that is, we know now that a nation with 1000 of the nation's gdp has weapons to launch a major attack against the united states. that is very different than seizing operational control __
nevertheless, we have had a wake_up call here. that is, the trend is one way __ toward nations acquiring increasingly destructive weapons, and a growing number of countries being able to acquire these weapons. i will disagree with my old friend, doctor hayden, here and say, i think it was terrific that the president name the reaction to be proportional. i believe that proportionality is a standard that the united states ought to be exposing. i think we need to be standing
up to the loss of conflict in the cyber realm that will be good for the united states and u. s. security. i believe proportionality is a very important principle. in the law of war, the military objective, you are trying to take down through attack __ does not cause disproportionate suffering in a civilian population. i think that is a great principle. we can imagine how an attack on a power plant might affect a nearby military facility. but is that attack has amassed impact on the civilian population, i would say let's take that off the table. that is not legitimate attack in the realm of cyber conflict. >> you brought the issue of threshold. people often get caught up in
these debates __ is this an act of war, what is an act of war? what this attack, or hack, showed is that if it is not an attack of war, it can cause a serious national security issue, and can come up with a u. s. government response. do you think this is a teachable moment? your point of creating norms __ are we working towards articulating clear norms about what is acceptable behavior or not in cyberspace? >> i think we know it is unacceptable. the problem is __ we wrestled with this for years. what is the appropriate response? >> that is hard.
>> i think you are both right, and i'm not even in congress anymore. i think the general is trying to say that you do not want to advertise what we do believe we have the right to do in the case when a nationstate attacks a u. s. company. that's what i thought i heard you say. i think you're right. we do not want to tell them what we have. this is exactly the kind of debate that we had behind closed doors about trying to figure out what is the right way forward. how much authority do you give are capable readies cyber forces, who are ready to go. they were absolutely ready to go, just waiting for the right instruction. we never really got that through, what the right instruction was.
you have to establish your defenses first. if we do not have some way for the government to at least assist the private sector in particular networks, it makes very little sense to go over and create trouble. they will not come for the government networks, they will go after these private companies. that is a small taste of what we saw for sony. you start multiplying that on the supply chain. you have a whole another discussion __ have they attacked are critical infrastructure. you can imagine how troubling this problem is. i argue, dig in, and that we have a discussion on how we can maybe move out. >> i wanted to pick up on that point, but i also wanted to interject one question.
do you think it's the theaters and sony had not canceled the release of the film, would you feel, if you're in the government, advocating for naming the public state responsible and taking some public response? >> yes. you saw the congressman condit danced around __ the iranians did massive attacks on u. s. banks. you cannot find someone currently in government who said that the iranians did that __ i think that gets wrapped around a whole lot of mac road geopolitical __ now that i said it, we can move on. i think it is tied to broader diplomatic negotiations.
i was heartened that we said what we said about north korea. i think paul and i are talking past one another __ of course, principles of proportionality. i'm talking about proportionality in terms of a state response __ we do not have to live our state response. we have a lot more power, and should not be afraid to use it. to your question __ it is hard to say. we've not yet worked out a taxonomy in a cyber domain that we have in physical space. it took us a couple of millennia to decide when it comes to territoriality.
this tony and spit some heavy lifting here, where they tried to be and to suggest definitions in the cyber domain. it is not even an official nato document, and certainly not u. s. policy. it reflects the struggle that we have now __ how do you categorize events in the cyber domain, in a way that tells you what it is or is not a legitimate response. we have not done it yet. >> what you think, doctor? with the pentagon coming up with elaborate scenarios on different types of attacks, and appropriate responses. >> i think the pentagon, very recently, has been making important progress on exactly the lines that you mention, chairman rogers. that is the importance oof the
contributions to tax united states. we need to be able to create doubts in the mind of the attack. as to whether or not the taxable to succeed. moreover, if we do retaliate, we need to understand that if they escalate and come back at our infrastructure at a more intensive level, we can handle that. are privately held infrastructure is resilient. >> deterrence by denial. >> deterrence by denial. that is the phrase. the pentagon is now making progress in that direction. >> let's talk about the response that the obama administration made.
they showed after new year's, new sanctions on three north korean entities and 10 individuals. do you think __ how likely do you think it is to get them to change their behavior? do you think more ought to be done? >> i think they are pretty light. they are symbolic at best. we had had sanctions in the past. we were surprised it works so well __ when you turn it up on the elite for luxury goods, and the ability to exchange money, you do have an effect on the regime. those sanctions imposed last month are not those. >> what is to be done?
>> i have been in the meetings, i was not in these, they are always hard. you have to be careful. you are looking at this narrowly. we have been pretty light. >> what about you, chairman? >> tthere are a whole series of second wave advance that i think we ought to engage in. the longer this goes __ the worst off we are. they really need to have a more instantaneous impact. it was announced, and shortly after that, everyone buckled down, nothing happened of any real significance. i agree __ the sanctions were like, at best. there's really no financial grind to impact.
most people do not have electricity. one in 10 have access to electricity, and that is not for 20 __ 24 hours per day. if you're going to do this, you have to impact those who have the niceties of life. that is the challenge. again, do not do it. i soon after the announcement, we would see a list of sanctions, and a series of events that would make the north koreans say, that was not worth it,, and the movie was not that good either. >> have you seen it? >> i have not. >> china is north korea's main benefactor, and only real purveyor of internet access. what you think of asking china, or getting china to influence over north korea in order to ratchet back and contain north korea's behavior?
>> chinese policy is self_defeating. i think it is contrary to chinese interests. what they need in northeast asia as a root canal. they are afraid to go to the dentist. they just pop in aspirin as soon as they can to dull the pain. again, this is a pathological gangster state, and a source of instability for the chinese. they have not quite yet gotten themselves to the position where they feel like they really need to go to the dentist and do something drastic. you would think that they would of a nudge in the right direction, but so far the president has enough challenges of his own. we can began to extort in the
sino_american relationship, but i do not think their race act. again, it that is contrary to long_term chinese interest. >> now that north korean troops are going across the chinese border __ it happened yesterday __ in order to steal food from chinese civilian __ i think we see further evidence of the instability that confronts china. i am more optimistic that the sanctions that the president announced will have an impact on the elite. i think the secretary of the treasurer pointed out that third parties who are assisting north korea, they will be facing sanctions. that is the kind of bytes that i think could be helpful over the long_term. let me say one thing __ i do
not believe that when nations like north korea launch cyberattacks, we should go to responding in kind __ launching cyberattacks of ourselves. i think we should keep our ability to cyberattack protected, they are arw crown jewels. >> there was much speculation as to who was behind it. we heard recently that that the white house said that the sanctions were there first response. who do you think might have done it? >> i think someone tripped over the extension cord, and it went down. this is not a sophisticated
system. north koreans did not have some new cyber technique. they do not have any new malicious source code that we were not aware with. they just went around and took things that had artie been exposed, and put it together. there was some reengineering in the code, they found ways to get it out of north korea to find surreptitious ways to get it out. this was not horrifically sophisticated. when you talk about not using our best weapons __ that should really scare the produces out of all of us. the company that was attacked in 2011 was penetrated by what was essentially known to the hacker community all the world. you could get on my right now, and probably compile most of the malware that they used.
that tells you that a company that was attacked in 2011, did not protect intellectual property. i think this one movie costs and $30 million to make. it was unsecure. they obviously knew that they are subject to being hacked. that's what worries me more than anything. >> the hackers were in for at least three weeks before they were detected. >> that can be defined as part of the problem that sony will eventually be beaten up for __ what were you thinking, what were your cyber defenses? it was an attack by nationstate. that should affect our own government calculation as to what the government's appropriate role might be, as opposed to a private enterprise out there on their own. >> can i just say __ my point
was __ is a group in north korea can put together something to go against a company that has artie been hacked, imagine what a nation states capabilities __ and malicious code out there that has not been exposed to the public __ what that might be. >> you look at cataloging cyber centers. you have powerful nationstates, criminal gains, and the disaffected. i think in between __ both with iranian and north korean attacks are teaching me __ in between are these isolated, perhaps dispirited nation states who have a lot less to lose in going deep in a cyberattack. we imagine the scenario __ the
chinese are turning off all the lights on the eastern target. i would allow myself to make the statement, if that were really happening in the real world, that would probably be the second or third item on the nsa agenda that morning. there would probably be enough going on in the sino_american relationship that that would be a subset. what scares me is that a nation state feels like to have nothing to lose __ the isolated nationstate. we just saw north korea. let's play the scenario forward, where the talks fail. this is an achievable option for them to create great having.
it gives these __ not even regional powers __ sub regional powers, a global reach that they have never had before, and a mindset in which they might be more willing to use it. >> that's why we need to continue to encourage the private sector to adopt cyber security framework that is put out. that is not enough. we need to not only ensure that our networks are better protected from attack, we need to assume that precisely because cyberattack capabilities are getting better, assume that the perimeter of defense will fail. we need to be able to restore the functionality of critical infrastructure.
we need to think further __ say for example that the power grid is taken out __ how will the government support the restoration in the same way that the national guard supported the restoration in hurricane sandy? how do you clear the debris, how does that apply in the realm of cyber? no only electricity, water, wastewater. we need to think not only about better protections against attacks, better perimeter security, and also how we can restore the functionality of critical infrastructure. and how the government can be useful, as opposed to being in the way. >> that is an interesting and great question. what is the role of the
government and responding to attacks on critical infrastructure? i'd like to know, chairman rogers, what you think. if there is a debilitating attack, would it be up to deal with the or dhs to rush in and tried to restore what has gone wrong? >> i think you would get a mixed reaction. as the power grid goes out in the eastern united states, clearly there is a public interest in restoring power. you want the fire tractor is show up, the police truck, the guy with the 80 pound head to show up as well who can get in and fix your problem. the problem now is, and i think this is why so many of us were
not sony, is the destructive nature of it. it is not just fun and games. the real game changer was the destruction of property. that is equally possible in our electric grid. it is not just a matter of turning your lights off __ and that we flick it back on. that would take weeks, if not months, and sometimes it would mean bringing in new equipment that we may or may not have access to. it is a new level of concern because of the destructive nature. no matter what we say about russia, china, or others __ rational actors __ china does not want to turn off our power, they owe us too much money. if you think about this, we know that they are already on our electric grid. why are they there?
you want to be in so that if you ever need the opportunity to flip the switch _ _ this is not some orwellian 20 years from now, we know that nationstates have penetrated our electric grid. just like you want to know where our nuclear weapons are, they want to be ready to flick the switch. that is what i found so concerning. if you have a nationstate that is willing to put that much talent and effort on one company __ and by the way, if a nation state wants to get in your company, they will get in your company. there must be some sort of sharing agreement about what we know. >> president obama announced new legislation on information sharing and liability protection.
in this case, the department of homeland security. >> i cyber sharing bill that gives liability? what a great idea. >> is it legislation that you can support? do you think it goes far enough? >> i have been through this many times. the change, the president is engaging. that is a significant change. >> he tried to be to your bill. >> he did. >> over insignificant privacy protections. >> it was actually the liability piece. for the present them to come out __ this is a good thing. now we will get in a debate. i have been here before. we are a long way from the cyber sharing piece of
legislation. we have a planet to feed. there is still a lot of difference in the senate. i had a senior senator tell me that they still have to get the 60 votes. that tells me that we're still in an uphill battle to getting something done actually works. congress can pass __ the problem is, it has functional substance to it, it is like dissing your sister. in a day when nationstates
aredestroying data,we must move beyond that. >> what sony __ and in a parallel way, paris, has done __ we're probably not entering the post node era. >> you mean the pendulum is swinging back? >> i'm using temperature for my metaphor. [laughter] it did, it froze the debate. now we are returning to it. that is a good thing. where it ends up, we will see. at least we're coming back to the question now. >> in defense of that bill, all the players in the house and senate __ the bill collapsed the friday of the week before
that we adjourned. it was still in play up until friday. then, the weight of it collapse on itself, people walked out the room, it was done. unfortunately. i think it was that close. you can do it again. you have new players. can they do it? they may even do it in this year. it will be a challenge. >> that would be wonderful. there is not only more motivation, i think the president's proposal has more straight. i think the proposed change __ the computer fraud and abuse act, to make it explicit to
criminals, to potential bad actors in north korea __ the more significant weapons that we need to be concerned about. not only has north korea given us more impetus to pass legislation, i think this is a strong legislative proposal. >> every ornament to you hang on this tree becomes a weight and an anchor. someone will have an issue with every one of those issues that you propose. my argument, they really want to be successful __ we were very close __ it is doable. that deal was there, on the table. >> how much goodwill really do if it does pass? a lot of companies may not even have trained personnel to make use of this. >> you are targeting upstream.
you want as much of that malicious code weeded out of the system. machine to machine speaking to each other, millions of times a second. if it is not that, if there is any pickup in the system, it will not work. sony did a decent job in their external security. they thought that their goods, and the security company said they were good. you have to hit the upfront. if you do not hit it upfront, it will not work. >> i have criticized the government having feckless in its response. frankly, i am 40 years in government, i think at the continuing state, we have not decided what we want our
government to do, or what we will let them do in the cyber domain. i think that in this domain, the private sector is far more the important factor in response and resiliency. when you pass a law like this that is about liability protections, what in essence that is doing, is the government unleashing the private sector to do far more than that it has felt comfortable doing in the past. i think it is a recognition that the main body and the fight is a private sector. i think philosophically is on the correct course. >> i agree. i think the private sector always and needs to be in the lead, not only for prevention, but also support. but we had only been talking at the federal level at this point. state government, and state
utility commissions have a vital role to play. if industries will make the kinds of investments necessary, they need to be able to recover the cost __ and rates for electricity, and other utilities, are set at the state level. what we like today are the criteria __ the decision criteria as to what constitutes a prudent investment against the increasingly severe threats __ nontraditional threats. we understand what sorts of investments need to be recoverable in a sort of super's storm sandy. we begin to build consensus to build for cost recovery going forward. >> i like to open it up to questions. what can you tell us __
chairman hayden __ chairman rogers or general hayden __ about the main north korean hacker unit. how large is it? how sophisticated arts abilities? is it really trained by the chinese? >> i cannot talk about some the specifics of the question. i can tell you that some countries, including north korea, understood that they needed to have this investment. for a very small investment, you can have a very powerful tool in your arsenal. what we found was __ they have their own limited capabilities even from within the country to do something. they had to go external to the country. they were willing to put a program together that stretch
beyond their borders, both physically and their ability to put something together that use proxy servers to get the malware on target. again, this should be one of those teachable moment for all of us __ that somebody like north korea, where so few people have access to electricity, were willing to make this commitment. it has had a big impact, we have talked about all day. it almost took an american company off the map. it almost came as close __ i cannot wait until the book comes out on that. i think they are recovered well, doing all their functions again. when you look at how close it was, it gives you a bead of sweat. just one investment away from one of these countries __ or an organization __ from getting
the right people in the right place to pull this off. it is not huge. obviously, they have a capability issue of getting the access to the latest technology. they got over those hurdles because they are so invested in it. what i walk away from this is __ this is pretty interesting. the chinese have huge operations, and getting bigger, not smaller. north korea does not, but they have this new capability that they felt was very important __ other than firing artillery rounds to the island the south. >> i think that is an important part. this is a country that is survived by its ability to provoke. they were kind of running the table unconventional methods. they invested in nuclear weapons. here's a country that probably has half a dozen weapons __
also having a functioning icbm, and most of the country each spark. that is remarkable commentary on how committed they are to doing us. the secret to the provocation is __ they are surrounded by powerful mature countries. someone once described north korea as that house in a very nice suburb where the lawn is uncapped, and there are several vehicles up on the lawn __ the rest of the neighborhood wants to do something about it, but they are afraid to because they have threatened to burn down the neighborhood. frankly, getting these kinds of tools make those kinds of threats more real. besides all the things we're tying run the cyber domain and the arc, and getting to the next level. it is very troubling.
>> that's uplifting. >> on that note, i will open up the questions. yes, sir. please identify yourself. >> steve crocker. i have been listening, and i understand the passion. let's imagine all the constraints come off. the legislation passes, economic restraints, and so forth. all this information sharing. i think allen's question toward the end, i would ask more poignantly. what is all this legislation, all the capabilities going to do to prevent __ i do not quite see how the pieces connect.
suppose the company has given all the authority to do whatever it wants to do, what in fact is to be done? sure all the information you want, sony still gets wiped off the map. >> again, this was the biggest myth that we cannot get over when we were debating the legislation the last couple years. the nsa does not monitor private networks in the united states. i know that comes as a shock to most. they are not monitoring private sector networks. it is against the law. they do not do it. that is 85% of the networks. so, they come back with some pretty interesting stuff. by the way, the private sector can share with you. that is really important. when they see anomalies, they can fire it back, and the nsa
can see it __ that is bad. right now, they cannot do that. though a chance that we have now is that an fbi and agent knocks on someone's door and says, i do not know if you know this or not, it i was the government and i can help you. that is too late. this spreads out the ability to do that. now, the private sector __ high up in the distribution chain, if you will __ at the provider level, can protect itself from really nasty stuff. then, you have this mutual sharing. so, if north korea were to sample someone else, someone sees it, shares it back to the nsa __ they look at it and say this is a problem, and shared back out in a classified way.
that way, we see it coming before it comes. i believe it will help. it will not help and always. it will allow companies to focus on a whole other host of problems. right now they are fighting everything __ russia, china, iran __ nnow they're fighting north korea. >> another way will improve, precisely the share that you've been talking about, right now in some sectors of infrastructure, there is good sharing within the sector. there is not enough cross sector sharing. this legislation will provide for organizations threat signatures to be shared to the other sectors can protect itself against it. >> we heard it from the defense
contractors __ even when the government declassified and shares threat data. they find that we already have the signatures, their old, or came too late to help. if the private sector share this information with dhs and shares in real_time with the nsa, how can we __ >> if i can address this __ there is a mixed bag of capabilities in the private sector. there are some companies who are exceptionally good at this, and would likely have a good percentage of that source code. i will tell you __ there was more that was not able to be shared. remember, if we collected in a classified way, it needs to be shared in a classified way.
these companies just did not have the ability to share this information. they did not get everything, they got a lot. they have probably seen things that the government has not seen. you would want to learn from them. the higher we build this wall, the better we all are __ that is a terrible analogy. the better capabilities we build up on all levels. now, these good companies they say, you are now sharing all that with everybody. even the supply chain. the guys thinking, you have to became me, i went to school to learn this trade, now i have to understand how some company in europe is getting into my system to attack my customer. this build all that
capabilities so that back i does not have to worry about it. that is how this works, so everybody will get better. the government will get better. folks who are at ground zero >> i reinforce everything that has been said. if we do this well, we will advance along an important front, but only one front. by definition, sharing what is known with one another cannot protect you against a zero day. we are all first-generation drivers. we think traffic lights are suggestive rather than mandatory. there is a lot of education that needs to go on. there are whole industries about ready to break into this domain
that will make it better -- insurance, all right? the insurance industry has made the automobiles safer. it will be through economic incentive. i do not want to pay this much i want to pay this much for insurance. internationally -- at some point like-minded nations, and i include the chinese, because it is against their long-term national interest to foster a piratical regime. this is lower-hanging fruit. let's take it and move forward. >> yes, sir.
>> ohio state had a great defense when they played oregon, and that was a big enabler for them to win that game. if ohio state had not had a good offense, their defense would have been on the field the entire time and oregon would have found a way to score big and deep against ohio state. waiting in defense is allowing him someone to punch you in the face. what does the panel think about allowing both at the government level, at the corporate level, and at the individual level to have a more offensive capability, given each one of those, i.e., have companies begin to offer rather defensive tools, but offensive tools that raise the risk factor for those who are attacking you? >> ok. >> a terrible idea. >> the chairman is mumbling this
being a terrible idea. this is beginning to smack of cyber stand your ground legislation that cyber stand your ground legislation, but i am not sure if i am 100% wrong. people who know this problem will start to get quaky when i begin to talk this way. i have told the government is late to lead, and i am predicting the government will be permanently late to lead. so the application of the computer fraud and abuse act, in equal measure to someone trying to defend his network compared to someone who is trying to attack someone else's network, may be unwise. and there may be some space for the private sector to conduct what in the physical domain i would call counter battery fire, under very strict and limited circumstances, because it is very difficult
for the government to do that in this domain. what i would say, what people begin to get forceful in response, but i am willing to entertain the idea, and if you think it is really crazy, we talk about domains, in one of these other domains, the maritime domain, the government is late to lead, and the constitution allows the congress to issue letters of marque and reprisal, which is the private sector doing what we consider to be a governmental function in this domain when the government was inadequate to lead. i do not dismiss it philosophically, but i trend back toward the chairman here, there are a lot of practical issues that could turn this into a free fire zone, which is not beneficial to anyone. >> when you are shooting, they may not shoot back to you. that is the problem.
so i am not necessarily opposed to offense -- the government has a very good offensive capability. we have not decided as a public how to use it or has a government policy body, no one has decided to use it, so we do not. the problem -- you are asking a corporation where you will get these mixed capabilities, and i cannot tell you how many cio's i have met who say this is not a problem, you are going to have someone come in and go, i can figure this out. i have never seen such confidence as i have people in cyberspace. god bless them. somebody is going to misfire and it will not be that particular company that pays the price. it will be a swath of people that play the price. a foreign nation state like iran or russia or china or north korea will not say it is from company a. they will say it is coming from the united states of america
and let's pay them back. now you have got this problem of an escalation of which you did not start and you are not sure how you are going to stop it. i think we are not mature enough to have any private sector offensive capability. they can do things now that are offensively defensive, if you know what i mean. >> let's talk about that and another potentially crazy idea rather than capturing the arrows, kill the archer, right? there are opportunities if it appears there is an imminent attack on the united states, critical infrastructure, national security network, to preemptively attack before we suffer the attack. this is riddled with problems because we can get into a situation of great instability. if there is an enormous advantage to go first in cyber
realm, we begin to build doctrine to take us in that direction, you can imagine how ultimately we could end up in a situation of strategic instability that would lead all of our nations, including the united states, to be in a more precarious position. >> i am trying to figure out exactly the red line that was crossed that made the white house respond in the case of sony, and chairman rogers said it was distructive and other people said that the manual makes the decision between destroying data and machines. the state department had a hearing earlier this week and described it as a freedom of speech issue and did not mention the destructiveness of the attack, and there are other issues, attribution is good in this case, it is big, hitting north korea is not the worst thing in the world compared to china.
i am wondering what the panel can say, what is the red line, because this is going to set precedent in the future, domestically and internationally? thanks for me, it was the coercion. -- >> for me, it was coercion. it was to change behavior, and i think that sets in motion an awful lot of concerns inside our broader society. >> again, if there had been no coercion, just distruction perhaps no response, no real response. wouldn't that cross the threshold? >> if that were to happen in a financial institution and the bank does not know how much money you have in it and you do not know how much money you have, now we have a problem. they have stolen my money, and the damage will have a magnitude larger impact on the economy. it had an economic impact for the company itself, sony, so i look at it differently. i thought that data destruction
in and of itself was the first item of trouble that to me was a game changer because we've not seen that before. we've seen countries or nation-states or international criminal organizations with the capability to do that, poking around a little bit, which makes you nervous, then it they took it one step farther. then they threatened violence. they said if you show this movie at these theaters, there will be violence. that it is a another magnitude of problem that they introduced into a cyber threat. >> they are trying to get us to adopt their version of the first amendment, which is no first amendment. political coercion, that is why it crosses a red line. >> i think the other mike rogers, the nsa director, said publicly last week that this is -- was not the first destructive cyber attack on u.s. soil. there is another issue about was
really truly destructive destructive in the sense of international law where you physically destroy something, a computer or building, or destructive in a more general sense, destructive of data business operations. i'm not sure, was it really destructive? were computers -- did they have to be replaced? >> absolutely. i am positive. and the fact that -- imagine if i walked into your server farm where you put your most sensitive data and i pulled the pin on a grenade and rolled it in and walked out. it is killed, it blows up, and i have destroyed a lot of valuable they that. that is not coming back. this was the problem here, that they had data destructed -- that is the phrase -- to the point that they are were populations
that cannot function, and is not easily replaced. not that they went in and unplugged it and plugged it back in. that did not happen. that in my mind is destructive and destructive in the sense of the willing to do it for the finances of a company like sony, get another company that is part of some place in our logistics chain of our critical infrastructure, which is a lot. that impacts pretty significantly, defense, finance, electric grid, food, water distribution, all that -- airlines. now you start thinking, if they did that same attack somewhere else, and again it lulled us in because it is a stupid idea to pick sony over a movie.
and what if they wanted to make a point and just down the electric grid in every theater that showed the movie? let's do it that way. now we would be having a very different conversation, but that distracted data meant their business was economically impacted and can be physically impacted. think about people who have to go back to writing checks to pay your bills. >> so that is the red line for you, is data destruction? >> absolutely, because you can extrapolate that to any other sector that would cause more significant economic disruption. i argue it disrupted that company economically. it will be interesting to see the tally of loss when it is done, i understand their p.r. circle in that. the p.r. circle is writing, go rent "the interview." that is a smart thing to do, but
the real damage is yet to come out, and now you will have another series of events where you will have consumer suits and shareholder suits. fun and games for sony is just about to begin. i think it is going to have a tremendously bad economic impact on that company. >> the next time there is a cyber attack on a u.s. company that destroys data, do you think the u.s. should come out and name the country that is behind it and post some sort of sanctions? >> i sure hope so. otherwise, you invite further attacks. that is why this is such an important step that the president and the administration have taken. >> first, in the bluiee sweater. >> we speak about the capability of a big corporation to deal with that issue, but what about federal government and state governments, because the last government report by government
showed that up to 9000 federal government facilities were vulnerable for cyber attacks dhs. do you think that it is now the federal government and the state level federal government had good strategies for dealing with that issue? and a second question -- we are speaking about russia, iran, north korea -- but do you think north korea -- but do you think a group like isis can use this cyber weapon against the united states like north korea did? >> i will start on the second one. maybe you can answer on the government side. i will go with the government
side, which i do not think is prepared way they should be. late adopter for everything. other than raising taxes, or good or bad. that is what we are good at. oh, come on, people, lighten up. on the isis problem, here is what we saw developing. we saw al qaeda groups were advertising for people with capability, which told us they had the aspiration to do it. at least the people when i left a couple weeks ago had the capability to do it. you saw a lot of in isis, a lot in france, a lot of it was the softer targets that they were shutting down. isis capability in social media is shockingly good. shockingly good. they are on the cutting edge of using social media to promote their goals, aims, and objectives. it would lend one to believe that it is easier given the level of people interested in participating, i would worry and
i would try to monitor their ability to get from -- and they have the same aspiration -- can they get from that aspirational stage to an operational stage? remember what was concerning about north korea, they took things in the open and used it. they did not create anything new. they just took what was out on the internet. i do not think they are there yet. i know they have the aspiration. i worry, what is their learning curve? and it takes getting three or four people of the right capability in the room dedicated to this cause, to cause somebody harm, and i do not think it would be significantly sophisticated, but you see them do it. you see these other jihadist organizations, including those supported by iran, out there. you can make this leap pretty easily. i am not going to lose sleep tonight about it
i would begin to worry about it in the weeks and months ahead in their level of recruitment in places like syria to their cause. >> i have been surprised it has not happened yet. it would seem to be an easy approach. the cost of entry is low. the ability to disrupt is high. i have searched my mind, why not? they are good on the net recruiting, training proselytizing, raising funds but we have not seen destructive attacks of networks or data or physical destruction. i do not know. i will continue to talk, however. a speculative view. it may not be the kind of heroic destruction that fits the model. they criticize us as being unheroic and unmanly.
this would be the ultimate in remote creation of destruction and maybe it just does not fit the style, and that is why they are late to it. i am with the chairman, they are late to it, but i expect they will get there. >> i'm with the chairman, too. that is why we need to focus on deterrence by denial. threats of retaliation against the islamic state, al qaeda in the arabian peninsula, we cannot hold things hostage, certainly for cyber retaliation. that will drive their behavior. that's why we need to be able to strengthen our networks so they do not have the incentive to attack us. so our networks do not present the lucrative target that they might today. >> did you want to address -- >> [indiscernible] >> the federal government is working very hard in order to
strengthen the resilience of government networks against attack. important steps are being taken by dhs and defense to harden networks. perhaps most interesting state , governments and governors across the nation, the national governors association, are beginning to take this seriously, because if there is a successful attack on lifeline infrastructure, not only do we have to restore the functionality, we have to deal with the physical consequences the large-scale threats to public health and what could occur if water and wastewater systems are disrupted. governors are taking this very seriously. a great opportunity for progress and partnership of government support of industry. >> there are a lot of interesting happening at the state level, and louisiana has a very aggressive, dynamic original kind of program. what a lot of states are doing
the governors in the role of commander in chief, are repurposing national guard units and using them in a militia status to protect state networks. that is a nice -- that will create ideas to be disseminated. >> those national guard units are the most effective on the cyber security front. if you take a sampling of our cyber defenses, they have all the benefits of the private sector real time, and weekends and two weeks of the year, it has been very effective. >> a couple more. how about you back there? >> [indiscernible] one of the cornerstones of the proposal unveiled on tuesday
liability protection to share data, and most people know that the job of identifying the guy that does insider threat detection. i wonder, general hayden someone who is familiar with insider threat detection, can it be applied to cyber security more generally? anomaly detection seems broad and no one is quite sure what it is, but it seems that is what we are going to be talking about more. in a post-snowden environment, does everyone agree that is what we are in, and what are the indicators of that besides just more enthusiasm on the white house for better cyber security legislation like we saw this week? >> one of the things i have seen
in the shift in the fight, and a lot of ways of doing this, and the history of cyber defense has been defending at the perimeter wall, the firewall, and prevent penetration. the three of us have made the case that they determine actors are getting in. now defense has got to be thinking about how do i manage consequences, presumption of breach, penetration, and by people who know this for better than i, everybody gets penetrated, the difference is between flash and bang, the difference between the penetration and the discovery of the penetration. and here, unlike traditional firewalls where you are trying
to guess the next zero day, here to focus is not out, but in. here you are looking at the behavior of your own network and looking anomalies using one of those powerful algorithms that palantir or somebody else develops. you become your own big data and suddenly your algorith goes you never saw that over there. no indication of a zero day or penetration. it is just anomalous behavior. that is where the current technological and entrepreneurial energy is. that is a very good thing. >> we can do and are going to do a lot better on security clearance management and making sure people, including systems administrators who have the keys, are affected in a more -- are vetted in a more
appropriate way. instead of having periodic waves of userability, to have a security clearance every 5 or 10 years, there will be continuous evaluation make you are suitable to hold these clearances. that is one of the changes that came out of the washington navy yard shootings, and that addresses the broader context of insider threats, including the cyber realm. >> another post-snowden comment? >> wishful thinking on my part. >> i think he is waning. >> as a guy who lived through -- >> not snowden, but the snowden phenomenon raised serious questions. this is not a battle between the forces of light and the forces of darkness. this is a question of a free people trying to balance their privacy and liberty with their security and safety. one of the byproducts was freezing the debate, not advancing it. >> on the insider threat, before
this happened, we put money in and, as chairman, we understood -- and i worry about counterintelligence issues first. one of the things we realized upfront was our audit capability was very inconsistent beyond certain places, in certain places. there was a whole host of reasons for that, and most of them you would come to the conclusion they made the right decision at the right time. we added more money to push out this notion of auditability, makes it more difficult for someone to do what the nsa contractor did, break in, steal stuff, and run out the door. so one problem we had was the slowdown in the program, and one of the areas that did not get the audit capability was hawaii. you look at it and we thought, we had it right, we resourced it right, and the capability was growing, somebody got one step
ahead of the system. that person would have known that because he did some time back here where that audit capability was. i found that fairly interesting. >> last question, anyone? there is a microphone. >> thank you very much. much discussion about the coercive destructive nature of the attack, but was vandalism the right overall categorization of the attack? >> no. >> no, and i now you're going to ask what you would call it. i am not sure. vandalism sounds like somebody breaking into the subway car and this was more serious. i have had some exposure to the real effects. just on a human level, this was really traumatic for an awful lot of people.
not an act of war, i am ok with that, but i would have to search for a good word that has higher torque than vandalism. >> it went beyond the glue in the lock. i do not know what i would've called it, but it really gave them a pass for doing something dangerous, destructive, and remember they were threatening people who were going to the movie theater and thought they were doing it through some cutout, which i feel very confident in the fbi's public statement that it was north korea. i feel very confident in that piece of information. so that was such a big game changer when you diminish what they actually did. i think that is not helpful to the cause. >> it was called cyber terrorism. is it cyber terrorism? >> it was an attack on innocent
to create a political effect. >> that political effect is very important, but not an act of war. what we need going forward is the spectrum of responses that we think about fairly in advance that are tailored to the kind of attack that adversaries inflict upon us. >> ok, thank you very much. thank you, all, for coming. >> hi. one of the great perks of my job is to thank terrific people for coming and sharing their thoughts with us. before i do one reflection, is we do this a lot. we have a lot of meetings, so you have come to them before. in my mind there is one thing that marks a great discussion and it is constructive disagreement. this town is a full of a lot of agreement, and we hear a lot very thoughtful, insightful agreement today. it is full of destructive agreement, and the ability to bring these kinds of people in a public space where they share
different views is what makes me proud of our activities. i would like to thank general hayden for joining us, and it is now dark outside. [applause] [captions copyright national cable satellite corp. 2015] [captioning performed by the national captioning institute, which is responsible for its caption content and accuracy. visit ncicap.org]
>> the issue of cyber security was on the agenda in talks between president obama and british prime minister david cameron today. hold a press conference at 12:20 pm eastern. the president might be asked about the announcement that maryland have an is stepping down. bloomberg writes in november she acknowledged her agency made a mistake in its calculation of the number of people enrolled under obamacare. secretary of state john kerry is in paris. he visited with french president francois hollande, later telling an audience he wanted to share a big hug, reiterating solidarity with france. here is a look at what some of
that some of what secretary kerry had to say today. >> thank you for the generous welcome. and thank you for reminding us of the extraordinary history that ties us together. what an honor for me to be here in this historic building, which the mayor just talked about and shared some of the history. a moment ago, in her office, she showed me a photograph, and historic photograph, of the resistance members sitting there in her august -- office in august of 1944. they remind her of the close his store inescapable -- historic inescapable relationship between our countries, and i appreciate your generous comments about all of our mayors. i know you have a warm relationship with them.
not only am i in an historic building i am with an historic mayor, who is the first woman to serve in this office, and that is no small thing. so, it is a privilege for me to be here with you, and i am particularly honored to be with members of a law enforcement community, those who were so directly engaged and affected by the events, and you honor us, and you honor me, and my country, by being here today and thank you so much for that. >> we will show you all of secretary kerry's remarks later today here on c-span. you can also watch all of it on our website, c-span.org. coming up life at noon, -- live at noon, a group of foreign policy and military strategists will discuss proposals for combating global jihadist ideology. live coverage at noon eastern on
c-span3. >> the deadline for the c-span student cam video competition is tuesday. get entries completed now. produce a five to seven-minute documentary on the theme the three branches and you. for a list of the rules, go to student cam.org. dr. anthony fauci, our guest this sunday on "q and a." >> we have drugs right now that are given to people that are hiv-infected. i can show you the dichotomy. in the early 1980's if someone came into the clinic with aids the median survival would be six to eight months, which means half of them would be dead in eight months. now, tomorrow, when i go back to rounds on friday, and someone
goes into a clinic that is 25 years old, and relatively recently infected and i put them on a combination of three drugs a cocktail, i can accurately predict, look them in the eye and we can do mathematical modeling to say if you take your medicine regularly, you can do in -- live an additional 50, 5-0 years. knowing that you could live essentially a normal lifespan, just a few years left than a normal lifespan -- that is a huge advance. >> the director of the national institute of allergy and infectious diseases sunday night at 8:00 p.m. eastern and pacific on c-span's "q&a." >> a three-judge panel at the
ninth circuit court of appeals in san francisco heard oral argument monday on the constitutionality of an arizona state law banning ethnic studies. it led to the banning of an american ethnic studies program in the tucson unified school district. a group of students sued arguing it is overly broad discriminatory and violates free speech. this is 45 minutes. >> good morning, may it leaves the court. -- may it please the court, i would like to reserve five minutes for rebuttal. state and local governments have tremendous discretion in setting the curriculum of public schools. the supreme court has repeatedly made clear that there are constitutional limits. this is the exceptional case where the state has violated those limits by a law that prohibits speech and it does so in terribly overbroad and vague language. it is also a law that has
motivated and is implemented with a discriminatory animus toward mexican-americans. the district court correctly found that section a3 was unconstitutionally overbroad. it prohibits courses or classes designed primarily for minority students. all teachers try to engage their students. a teacher in a class of primarily african-american or latino students would of course be expected to teach material designed to appeal to them. an english teacher who chose to take the works of my a angelo or toni morrison -- or a music teacher who brought in rap lyrics or hip-hop to african-american-latino students would violate the statute. but the same notes of a2 and a4, are also overbroad. section a2 says a class on the basement of race is prohibited. last week we filed the judicial notice, a letter sent on january
2, notifying the tucson unified school district that it is in violation. the example he gives in that letter is a question that a teacher asked whether american slavery is particularly brutal how then is it possible to teach slavery in a matter that might not provoke -- promote resentment based on race treated how might a teacher teach about ferguson or policing in a matter that might not promote resentment on the basis of race. section a4 prohibits courses or classes that advocate ethnic solidarity, instead of treating people as individuals. i'm not sure what that means but i would focus on the examples where the superintendent a week ago friday found that tucson was
in violation. one was a class that simply said it would teach hip-hop music. another was a class that said it would look at mexican and mexican-american history. does it promote ethics solidarity at the expense of individuality? does patriotism? a stance that is fake and overbroad violates the student's first amendment right. if you look at the administrative law that judges order, he talks about how the look is at student work and decide if it highlights. the letter on january 2 talks about looking at student work. nicholas dominguez, on pages 1046 and 47. he changed what he wrote in his
essays because of knowledge of the law. this shows what teachers teach and that interferes with the right students to receive information. there are decorations in the record from teachers. you have decorations from curtis, from lorenzo lopez. in volume eight from sara rusk that it changed what they did as teachers. >> it was supposed to change what they did as teachers. >> yes, your honor, and a state may do so, but when a law is vague and overbroad and it has the tremendous sanctions this law does, then it risks chilling a tremendous amount of speech and that interferes with the right of students to receive information.
>> you agree i take it that the state does have the power -- the teaching is government activity and the state has the power to direct what is to be taught? >> yes, your honor. but when a law like here is enforced by looking at student work, then it goes beyond regulating speech. if you look at administrative law, and the superintendent's 2, both emphasized the need to -- letter from january 2, both emphasized the need to look at student work. that is chilling student fashion. >> it doesn't tell the student that he he can't speak in a certain it reflects what the student is taught. >> that is why the vagueness and
over-breadth of this of the statute is important. when is a student going to know that an essay is reflective of whether or not a teaching is promoting racial resentment. >> there is no sanction being taken against the student. it is taken against the course. that is, a course that produces this kind of student work is suspicious. >> that draws a distinction between a sanction between the school district and where the student suffers. here the school district loses 10% of its funds a month. those who would suffer are the students. >> only if what they are being taught isn't something they are entitled to receive. let's take the first one which is not at issue here. promote the overthrow of the united states government. is arizona allowed to enact that that provision? >> your honor, i think this, too, would be unconstitutionally vague and overbroad. here, too, the example from the superintendent letter is so important. notice in his letter of january
2, the example he picks with violence is having lyrics from the group rage against the machine taught how could any teacher know that a single song would do that? one of the key problems is language is taken out of con text from songs, from textbooks, and it is then used for violation. one of the things the supreme court -- >> i'm concerned here. is this an attack on the administrative law judge decision? the judge pointed to the a.l.j.'s decision as perhaps the solution to the overbread this problem. what do you fault in the administrative law judge decision? >> well, the administrative law judge attempted to narrow the statute, and the judge referred to it as sensible. it is important to look at the exact language. the judge said this is going to be narrowed to instances where it is biased, political or
emotionally charged. your honor, i would hope that teaching at all levels is emotionally charged. i don't know how to teach about slavery or racism and policing that is not so often biased in the eyes of the beholder. so the narrowing here is just as overbroad and vague. one of the prisons is vague and overbroad laws lead to discriminatory enforcement. that is what we have here. in answer to your question judge, this is both a facial challenge to the statute and also an as applied challenge which includes the administrative law judge decision. as long as the administrative law judge decision is there, it too will have a tremendous chilling effect on speech of students and of teachers.
the other key issue here goes to equal protection. the escort errored by granting some rejudgment with regard to equal protection in violation of rule 56-f of the federal rules of civil procedure. perhaps for this reason, the escort -- the distort applied the wrong standard. this court set -- said in pacific shores versus the city of new port. it is from 7 po f- 3 and 114 it. very little evidence is necessary to raise an issue of material fact. any indication of a discriminatory motive sufficient to raise a question bares up only by the fact finder, i would suggest that the evidence in this case more exceeds that. to begin with, he campaigned for this law by saying that he wanted to "stop laraza.” you find that quote on page 1288 of the record.
if you look at the dictionary as quoted on four of or applied brief, it is a synonym for the mexico-american people. for a key official with regard to law, if they want to stop the mexican-american people by this law, that clearly is enough to go to the trier of fact. >> was he using it to mean the mexican-american people? >> your honor, i cannot know weigh means. but when you look at words, it is common to look at the dictionary definition.
we quote a standard dictionary in footnote to page four of the applied brief. of course that is not the only evidence of discriminatory intent in this case. when he was secretary, warren said that three of the four ethnic study companieses likely violated the statute. the enforcement proceedings were brought only against mexican-american studies. horne before leaving office found that the entire tuscon procedure violated the statute. under the village of arlington heights, not following proper procedures is not key evidence. under arlington heights, discriminatory impact is relevant. 90% of the students in this program were mexican-american. >> i am not sure the arlington heights is a close one. the concern in arlington heights is the use of surrogates or subterfuge in order to
accomplish a goal of not having certain people live there. in this case it is not a case whether american-american students are going to be educated in tuscon schools, but what program is offered to them. >> but that is it the leading supreme court case that outlines what evidence is relevant with regard to discriminatory intent. the pacific shores case and the language i quoted says in implementing arlington heights very little evidence is necessary. >> what is the discrimination? it is not that there is not going to be education offered to american-american children. it is that particular programs shouldn't be offered? >> no. your honor. the point is the reason why the legislature adopted this and why they found violation was a discriminatory and muss against mexican-americans. the district court said secretary horne's not following procedures raised sparks and red
flags of discriminatory animous. we suggest it is much more than that when you look at the record here. it is also notable that when the superintendent took office, he commissioned his own study. that study found no evidence of violation of the statute, found that the courses were rigorous and very effective. he then ignored the report and found his own violations. after that an additional stud was done by the special master in the desegregation cation. both studies found that this course was tremendously effective from an educational perspective. the statistics here i point you to on page 202 and 203 of the report from the cabrera report students who participate in the program had 108% greater chance of graduating than those who didn't.
they found in 2008 those who participated in the program passed the standard math test 144% more, the writing test, 162% more, the reading test, 168% more. the question is, in light of those statistics, is there anything that explains this other than discriminatory and muss. there is potentially two explanations of what happened here. a benign explanation, an explanation about discriminatory animus. all i have just cited that the tier of fact could have concluded the latter. under pacific shores, they should have gone to that trier of fact. >> who would the trier of fact be? >> a judge because this is a case seeking injunketive and
declare tore relief. >> is there really any difference? if you heard from the same person who is the trier of fact, what changes? >> in this case, an enormous amount. the judge erred by granting summary judge. the rules of civil procedure say before a judge grants a motion there should be notice to the parties. here there is a great difference between the evidence that would be produced on a motion for preliminary junction. i will give you examples. the district court says there is no evidence of the report being disregarded. of course there was no evidence. there was no knowledge that summary judgment was going to be produced. he refers only to the complaints. i reserve my time for rebuttal. >> i have a couple of questions. >> sure, judge. >> you know that the justice has been a colleague of mine for a
good many years, and i know him as a very fair-minded person. and of course he himself has experienced considering racial discrimination in world war 23r -- world war ii. i can't believe he came with any racial animus. i tend to look at a starting point what was the judge like? do you want to come in on that? >> yes, of course. in no way do i attribute any racial animus to the judge. it is about the arizona legislature and the secretaries of education who implemented the
law. however, your honors, although the judge is your colleague, you have to give de novo review. here i believe the judge was correct in finding a-3 was unconstitutionally overbroad and vague, but by the same reasoning, so were a-2 and a-4. the judge made a mistake. he didn't follow rule-56-f of the rules of civil procedure. and maybe because of that reason he applied the wrong standard. >> i wanted to ask you what is the present situation? has this program continued defacto even though it has been attacked by the superintendent? is it still in place? >> your honor, the mexican-american studies program was eliminated after the administrative law judge decision because tuscon didn't want to risk loss of funds. but the statute remains in effect.
that is why the letter from the secretary from january 2, 2015 is so important. look at the things that he said currently are violating the statute. they so powerfully show the vagueness of the law. >> the program was abandoned but what is he objecting to now? >> i am sorry, your honor. i didn't hear. >> i'm sorry. as i understand, you are saying the school district abandoned the program, but the superintendent is still objecting to something? >> yes. >> what is he objecting to? >> the mexican-american studies program was eliminated, but the law remains in effect. i filed a letter last tuesday in this court asking that you take judicial notice of a letter from from the secretary issued january 2, 2015, finding that tuscon is currently in violation of the statute. that letter shows that this
statute continues to have great effect, and that letter shows better than any hypotheticals how tremendously overbroad and vague the statute is. i will save the rest of the time for rebuttal. thank you. >> may it please the court, my name is leslie cooper, and i am here on pavon of the state defendants. i would first like to address the january 2, 2015 letter from the superintendent. it is not part of the record and shouldn't be. and if it is, it should be viewed in context as part of a conversation with tusd that began with tusd agreeing to disband this mexican-american studies program after the
superintendent adopted the a.l.j.'s decision. it is a long letter and recounts in great detail the circumstances if the court is inclined, which it should not be, to read all of it. secondly, regarding student achievement and the purported effect of these programs on student achievement. that evidence is irrelevant here. in any event, the special master's study is not part of the record. it was presented to the judge just a few weeks before he issued his decision long after the case was briefed and oral argument heard. the state defendant ants objected to it, and there is no sign that the judge considered that evidence as part of the record. moving to the students first amendment -- >> wouldn't it potentially become part of the record or whatever evidence lay behind it if in fact summary judgment had been denied? i understand the argument being made is that the case shouldn't have been resolved at the time it was because there was relevant evidence that could have been submitted and could
have been considered by the court but for the fact of the summary judgment being granted. >> well, i'm not sure. the court should have been rejected that evidence even if it had been timely submitted. >> because? >> because the evidence of student achievement is irrelevant in this situation. >> why? >> the state has plenary authority to curriculum for its public school students. the supreme court has recognized this. >> that doesn't make it irrelevant. if it is demonstrated that a given program produces better results in terms of student achievement and that program is outlawed, it would seem to support an infernos of discriminatory intent if in fact educational achievement is more successfully attained through
the program. >> the question here is in fact the state's authority to set its curriculum. >> the state has the authority. but if the state rejects a program that is more effective in educating children, doesn't that suggest or strengthen the infernos the reason the state is acting not because it wants to produce better educated children? the state's regulation is intended with discriminatory intent to hold back a given group of the student population. >> i think then you need to look at the district court's decision below and its review of the evidence in terms of the equal protection claim. the court carefully reviewed that evidence using the standard set out in arlington heights and he concluded there was no evidence of discriminatory animus against a group of people
but about a program. >> let me ask you about the piece of the statute that was struck down by the district court as overbroad. >> yes. >> designed primaryly for pupils of a particular ethnic group. why doesn't that by itself suggest discriminatory animus? >> you need to look at the statute in its entirety. you need to look at the purpose as set out in 15:111. >> the statute specks in the -- speaks in the alternative, right? these courses are prohibitted if they fit one, two, three or four, right? >> yes, they do. >> so why shouldn't we focus then on each individually? >> you can focus, but you still must look at the stated purpose in focusing on each individual pronger. and you must also look at
112:e:3 that specifically permits classes about the history of an ethnic group as long as they are open to and for all students. so we can have the teaching about an ethnic group. it is the divisive, segregative, separationist teaching for one group that this statute is designed to prohibit. >> but it does have sub-part three. >> yes, it does. >> which doesn't speak at all about the content of the course. it assembly speaks of who the pupils are going to be. it is not hard to figure out that some classes are more attractive than others. nobody would be surprised that a mexican studies program might atract more mexican-american students. that doesn't mean the content of that program has to be offensive or contrary to the purpose the state has set out in other provisions of its statutes. but this statute, 12 -- 112 says you can't have a course designed for pupils of a particular eth
-- ethnic group. >> that is why you don't think you could give too much weight to the ethnicity of the students in the class when deciding how the district had designed the curriculum. the statute prohibits courses or closes which are designed for students of one ethnic group while simultaneously recognizing that courses that include the history of an ethnic group are fine. it prohibits classes for an ethnic group, not classes about an ethnic group. this is consistent with the